Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates that information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-26936

Publication date:
10/03/2025
Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Fresh Framework allows Code Injection. This issue affects Fresh Framework: from n/a through 1.70.0.
Severity CVSS v4.0: Pending analysis
Last modification:
10/03/2025

CVE-2025-25614

Publication date:
10/03/2025
Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers.
Severity CVSS v4.0: Pending analysis
Last modification:
23/06/2025

CVE-2025-26910

Publication date:
10/03/2025
Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBookit allows Stored XSS. This issue affects WPBookit: from n/a through 1.0.1.
Severity CVSS v4.0: Pending analysis
Last modification:
27/06/2025

CVE-2025-26916

Publication date:
10/03/2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in EPC Massive Dynamic. This issue affects Massive Dynamic: from n/a through 8.2.
Severity CVSS v4.0: Pending analysis
Last modification:
10/03/2025

CVE-2025-26933

Publication date:
10/03/2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nitin Prakash WC Place Order Without Payment allows PHP Local File Inclusion. This issue affects WC Place Order Without Payment: from n/a through 2.6.7.
Severity CVSS v4.0: Pending analysis
Last modification:
10/03/2025

CVE-2025-25620

Publication date:
10/03/2025
Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function.
Severity CVSS v4.0: Pending analysis
Last modification:
23/06/2025

CVE-2024-12604

Publication date:
10/03/2025
Cleartext Storage of Sensitive Information in an Environment Variable, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tapandsign Technologies Tap&Sign App allows Password Recovery Exploitation, Functionality Misuse. This issue affects Tap&Sign App: before V.1.025.
Severity CVSS v4.0: Pending analysis
Last modification:
12/09/2025

CVE-2025-2152

Publication date:
10/03/2025
A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function Assimp::BaseImporter::ConvertToUTF8 of the file BaseImporter.cpp of the component File Handler. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
13/03/2025

CVE-2025-2153

Publication date:
10/03/2025
A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: LOW
Last modification:
13/03/2025

CVE-2025-25616

Publication date:
10/03/2025
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam_rule_id=1.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2025

CVE-2025-26865

Publication date:
10/03/2025
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: from 18.12.17 before 18.12.18. It's a regression between 18.12.17 and 18.12.18. In case you use something like that, which is not recommended! For security, only official releases should be used. In other words, if you use 18.12.17 you are still safe. The version 18.12.17 is not affected. But something between 18.12.17 and 18.12.18 is. In that case, users are recommended to upgrade to version 18.12.18, which fixes the issue.
Severity CVSS v4.0: Pending analysis
Last modification:
23/06/2025

CVE-2024-57492

Publication date:
10/03/2025
An issue in redoxOS relibc before commit 98aa4ea5 allows a local attacker to cause a denial of service via the round_up_to_page function.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2025